1. #1

    Need help with detection of malware!

    I have very little knowledge about malware, viruses & stuff. I run Win7 Professional with Avast Free Antivirus & Comodo Firewall. I run other on-demand scanners once a week just to check if everything is fine. But my laptop has started behaving kind of weird of late. It was faster some 5-6 months ago when I clean-installed Windows, & also sometimes when I open Google Chrome I just get a blank blue screen & nothing else. These are a few of the changes that I could recall. & also, as I am one who watches TV shows online, I often come across various ads which seem highly suspicious, & I have to close them before I can view the episodes. So I highly suspect that my security has been compromised.

    If anyone could kindly help me out with this, I would be highly grateful. Thanks in advance.
    I've posted all three logs from FRST & the security analysis as instructed in the forum.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
    Ran by Rebecca (administrator) on REBECCA-PC (19-10-2016 19:37:10)
    Running from C:\Users\Rebecca\Downloads\Programs & setup files
    Loaded Profiles: Rebecca (Available Profiles: Rebecca)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
    () C:\Users\Rebecca\Desktop\Programs\Caps.exe
    () C:\Users\Rebecca\Desktop\Programs\Copy.exe
    () C:\Users\Rebecca\Desktop\Programs\Copycontents.exe
    () C:\Users\Rebecca\Desktop\Programs\dashlane.exe
    () C:\Users\Rebecca\Desktop\Programs\Downloads.exe
    () C:\Users\Rebecca\Desktop\Programs\FavSongs.exe
    () C:\Users\Rebecca\Desktop\Programs\Google.exe
    () C:\Users\Rebecca\Desktop\Programs\Hidemedia1.exe
    () C:\Users\Rebecca\Desktop\Programs\LibreOffice.exe
    () C:\Users\Rebecca\Desktop\Programs\Notepad.exe
    () C:\Users\Rebecca\Desktop\Programs\Paint.exe
    () C:\Users\Rebecca\Desktop\Programs\Recycle.exe
    () C:\Users\Rebecca\Desktop\Programs\Song.exe
    () C:\Users\Rebecca\Desktop\Programs\Text1.exe
    () C:\Users\Rebecca\Desktop\Programs\Tutorial.exe
    (The Document Foundation) C:\Program Files (x86)\LibreOffice 5\program\swriter.exe
    (The Document Foundation) C:\Program Files (x86)\LibreOffice 5\program\soffice.exe
    (The Document Foundation) C:\Program Files (x86)\LibreOffice 5\program\soffice.bin
    (Dashlane, Inc.) C:\Users\Rebecca\AppData\Roaming\Dashlane\Dashlane.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Users\Rebecca\AppData\Roaming\Dashlane\DashlanePlugin.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe




    ==================== Registry (Whitelisted) ====================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-09-14] (COMODO)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-13] (AVAST Software)
    HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-31] (AVAST Software)
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Restriction <======= ATTENTION


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{C061FCE4-9BBA-4CD5-B06B-0DE55D0FD626}: [DhcpNameServer] 192.168.1.1 192.168.1.1


    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-31] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-31] (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1466243251918
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)


    FireFox:
    ========
    FF DefaultProfile: keurpdol.default
    FF ProfilePath: C:\Users\Rebecca\AppData\Roaming\Mozilla\Firefox\Profiles\keurpdol.default [2016-10-15]
    FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-31]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-31]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Rebecca\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\Rebecca\AppData\Roaming\IDM\idmmzcc5 [2016-10-19] [not signed]
    FF HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)


    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Profile: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default [2016-10-19]
    CHR Extension: (Google Slides) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-18]
    CHR Extension: (Queen Elsa of Arendelle - Frozen) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\andadcipdpeombhjneecehpogbbjomij [2016-06-18]
    CHR Extension: (Google Docs) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-18]
    CHR Extension: (Google Drive) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-18]
    CHR Extension: (YouTube) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-18]
    CHR Extension: (Avast SafePrice) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-13]
    CHR Extension: (Dashlane) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-10-02]
    CHR Extension: (Google Sheets) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-18]
    CHR Extension: (Google Docs Offline) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-18]
    CHR Extension: (Avast Online Security) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-06-29]
    CHR Extension: (IDM Integration Module) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-18]
    CHR Extension: (Gmail) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-18]
    CHR Extension: (Chrome Media Router) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-24]
    CHR Profile: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-10-05]
    CHR Profile: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-10-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-06]
    CHR Extension: (Chrome Media Router) - C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-28]
    CHR Profile: C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\System Profile [2016-10-09]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-06-09]


    ==================== Services (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
    S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-31] (AVAST Software)
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-09-15] (COMODO)
    R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-09-14] (COMODO)
    R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
    R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
    S4 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2012-01-04] ()
    S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
    S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S4 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-03-09] ()
    S4 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)


    ===================== Drivers (Whitelisted) ======================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-31] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-31] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-31] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-31] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-31] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-23] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-31] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-08-31] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [830624 2016-08-31] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56976 2016-08-31] (COMODO)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
    R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [74984 2016-07-28] ()
    R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2016-06-20] (FNet Co., Ltd.)
    R1 FNETVDDA; C:\Windows\System32\drivers\FNETVDDA.SYS [37128 2016-06-20] (FNet Co., Ltd.)
    U5 gobi3kserial; C:\Windows\System32\Drivers\gobi3kserial.sys [233984 2010-12-13] (QUALCOMM Incorporated)
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-08-31] (COMODO)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
    S3 TrufosAlt; C:\Windows\System32\DRIVERS\TrufosAlt.sys [390776 2016-09-30] (BitDefender S.R.L.)


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-10-19 19:36 - 2016-10-19 19:37 - 00000000 ____D C:\FRST
    2016-10-19 18:16 - 2016-10-19 18:16 - 00000000 ____D C:\SFCFix
    2016-10-19 18:13 - 2016-10-19 18:16 - 00000000 ____D C:\Users\Rebecca\AppData\Local\niemiro
    2016-10-12 22:42 - 2016-10-12 22:42 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-10-12 22:42 - 2016-10-12 22:42 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-10-12 22:42 - 2016-10-12 22:42 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-10-12 22:42 - 2016-10-12 22:42 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-10-12 22:42 - 2016-10-12 22:42 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-10-12 22:42 - 2016-10-12 22:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-10-12 22:42 - 2016-10-12 22:42 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-10-12 22:42 - 2016-10-12 22:42 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-10-12 22:42 - 2016-10-12 22:42 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-10-12 22:42 - 2016-10-12 22:42 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-10-12 22:42 - 2016-10-12 22:42 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-10-12 22:42 - 2016-10-12 22:42 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-10-12 22:42 - 2016-10-12 22:42 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-10-12 22:42 - 2016-10-12 22:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-10-12 22:42 - 2016-10-12 22:42 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-10-12 22:42 - 2016-10-12 22:42 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2016-10-12 22:42 - 2016-10-12 22:42 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-10-12 22:42 - 2016-10-12 22:42 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-10-12 22:42 - 2016-10-12 22:42 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-10-12 22:42 - 2016-10-12 22:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-10-12 22:42 - 2016-10-12 22:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-10-12 22:42 - 2016-10-12 22:42 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-10-12 22:42 - 2016-10-12 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-10-12 22:42 - 2016-10-12 22:42 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-10-12 22:42 - 2016-10-12 22:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-10-12 22:42 - 2016-10-12 22:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-10-12 22:41 - 2016-09-13 02:47 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-10-12 22:41 - 2016-09-13 02:38 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-10-12 22:41 - 2016-09-09 21:24 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-10-12 22:41 - 2016-09-09 21:24 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-10-12 22:41 - 2016-09-09 21:24 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-10-12 22:41 - 2016-09-09 21:24 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-10-12 22:41 - 2016-09-09 21:24 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2016-10-12 22:41 - 2016-09-09 21:24 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-10-12 22:41 - 2016-09-09 21:24 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-10-08 04:37 - 2016-10-08 04:37 - 00003142 _____ C:\Windows\System32\Tasks\HIbernate
    2016-10-07 12:28 - 2016-10-07 12:28 - 00000000 ____D C:\Program Files\AutoHotkey
    2016-10-07 12:15 - 2016-10-07 12:15 - 00001034 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
    2016-10-07 12:15 - 2016-10-07 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    2016-10-07 12:15 - 2016-10-07 12:15 - 00000000 ____D C:\Program Files\VS Revo Group
    2016-10-07 11:50 - 2016-10-08 12:10 - 00000512 _____ C:\Users\Rebecca\Documents\MBR.dat
    2016-10-06 21:11 - 2016-10-06 21:11 - 00000000 ___HD C:\VTRoot
    2016-10-05 00:45 - 2016-10-05 00:45 - 00000000 ____D C:\ProgramData\Comodo Downloader
    2016-10-05 00:09 - 2016-10-05 00:13 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\Comodo
    2016-10-04 23:12 - 2016-10-19 19:19 - 00016856 _____ C:\Windows\system32\Drivers\fvstore.dat
    2016-10-04 23:01 - 2016-10-04 23:01 - 00001870 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
    2016-10-04 23:01 - 2016-10-04 23:01 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
    2016-10-04 22:59 - 2016-10-04 23:07 - 00000000 ____D C:\Program Files\COMODO
    2016-10-04 22:59 - 2016-10-04 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    2016-10-04 22:58 - 2016-10-05 00:09 - 00000000 ____D C:\ProgramData\Comodo
    2016-10-04 22:58 - 2016-10-04 22:58 - 00000000 ____D C:\ProgramData\Shared Space
    2016-10-04 19:56 - 2016-10-04 19:56 - 00000000 ____D C:\Users\Rebecca\AppData\Local\Wokhan
    2016-10-04 19:46 - 2016-10-04 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2016-10-04 19:46 - 2016-10-04 19:46 - 00000000 ____D C:\Program Files\7-Zip
    2016-10-04 00:32 - 2016-04-16 12:48 - 06517356 _____ C:\Users\Rebecca\Downloads\Saviour.mp4
    2016-10-03 01:43 - 2016-10-07 12:28 - 00000000 ____D C:\Windows\ShellNew
    2016-10-02 14:23 - 2016-10-02 14:24 - 00000000 ____D C:\Users\Rebecca\AppData\LocalLow\Dashlane
    2016-10-02 14:20 - 2016-10-02 14:23 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
    2016-10-02 14:20 - 2016-10-02 14:23 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\Dashlane
    2016-10-02 14:20 - 2016-10-02 14:23 - 00000000 ____D C:\Program Files (x86)\Dashlane
    2016-10-02 14:20 - 2016-10-02 14:20 - 00000000 ____D C:\Users\Rebecca\AppData\Local\Packages
    2016-10-02 12:45 - 2016-10-08 12:10 - 00004318 _____ C:\Users\Rebecca\Documents\aswMBR.txt
    2016-10-01 23:23 - 2016-10-01 23:23 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
    2016-10-01 23:07 - 2016-10-01 23:23 - 00000000 ____D C:\Program Files\HitmanPro
    2016-10-01 22:46 - 2016-10-02 02:08 - 00000000 ____D C:\ProgramData\HitmanPro
    2016-09-30 22:46 - 2016-09-30 22:46 - 00001613 _____ C:\Users\Rebecca\Desktop\BDUSBImmunizerLauncher.lnk
    2016-09-30 22:31 - 2016-09-30 22:31 - 00003362 _____ C:\Windows\System32\Tasks\BDRemovalTool
    2016-09-30 22:20 - 2016-09-30 22:20 - 00390776 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\TrufosAlt.sys
    2016-09-30 07:46 - 2016-09-30 07:46 - 00000000 ____D C:\Users\Rebecca\AppData\Local\fontconfig
    2016-09-30 07:43 - 2016-09-30 07:43 - 00000000 ____D C:\Users\Rebecca\Documents\FormatFactory
    2016-09-29 22:43 - 2016-09-29 22:43 - 00001071 _____ C:\Users\Rebecca\Desktop\Format Factory.lnk
    2016-09-29 22:43 - 2016-09-29 22:43 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
    2016-09-29 22:42 - 2016-09-29 22:43 - 00000000 ____D C:\Program Files (x86)\FormatFactory
    2016-09-25 16:24 - 2016-09-25 16:24 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\PotPlayerMini64
    2016-09-25 16:20 - 2016-09-25 16:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
    2016-09-25 16:20 - 2016-09-25 16:20 - 00000000 ____D C:\Program Files\DAUM
    2016-09-24 16:13 - 2016-09-24 16:22 - 00000618 __RSH C:\ProgramData\ntuser.pol
    2016-09-24 15:49 - 2016-08-12 22:32 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2016-09-24 15:49 - 2016-08-12 22:32 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2016-09-24 15:49 - 2016-08-12 22:32 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2016-09-24 15:49 - 2016-08-12 22:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2016-09-24 15:49 - 2016-08-12 22:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2016-09-24 15:49 - 2016-08-12 22:17 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2016-09-24 15:49 - 2016-08-12 22:17 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2016-09-24 15:49 - 2016-08-12 22:01 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2016-09-24 15:49 - 2016-08-12 22:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2016-09-24 15:49 - 2016-08-12 22:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2016-09-24 15:49 - 2016-08-12 21:56 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2016-09-24 15:49 - 2016-08-06 21:01 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2016-09-24 15:49 - 2016-08-06 21:01 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2016-09-24 15:49 - 2016-08-06 21:01 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2016-09-24 15:49 - 2016-08-06 21:01 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2016-09-24 15:49 - 2016-08-06 21:01 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
    2016-09-24 15:49 - 2016-08-06 21:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
    2016-09-24 15:49 - 2016-08-06 20:45 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2016-09-24 15:49 - 2016-08-06 20:45 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2016-09-24 15:49 - 2016-08-06 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2016-09-24 15:49 - 2016-08-06 20:45 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2016-09-24 15:49 - 2016-08-06 20:45 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
    2016-09-24 15:49 - 2016-08-06 20:31 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2016-09-24 15:49 - 2016-08-06 20:31 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
    2016-09-24 15:49 - 2016-08-06 20:23 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2016-09-24 15:49 - 2016-08-06 20:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
    2016-09-24 15:49 - 2016-08-06 20:23 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
    2016-09-24 15:49 - 2016-06-14 22:51 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2016-09-24 15:49 - 2016-06-14 22:46 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2016-09-24 15:49 - 2016-06-14 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2016-09-24 15:49 - 2016-06-14 22:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2016-09-24 15:49 - 2016-06-14 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2016-09-24 15:49 - 2016-06-14 20:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2016-09-24 15:49 - 2016-06-14 20:45 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2016-09-24 15:49 - 2016-06-14 20:45 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2016-09-24 15:49 - 2016-06-14 20:45 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2016-09-24 15:49 - 2016-06-14 20:35 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2016-09-24 15:49 - 2016-06-14 20:35 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2016-09-24 15:49 - 2016-06-14 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2016-09-24 15:49 - 2016-06-14 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2016-09-24 15:24 - 2016-08-29 21:01 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-09-24 15:24 - 2016-08-29 21:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-09-24 15:24 - 2016-08-29 21:01 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2016-09-24 15:24 - 2016-08-29 20:42 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-09-24 15:24 - 2016-08-29 20:42 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-09-24 15:24 - 2016-08-29 20:42 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2016-09-24 15:24 - 2016-08-29 20:34 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-09-24 15:24 - 2016-08-29 20:25 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-09-24 15:24 - 2016-08-17 02:10 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2016-09-24 15:24 - 2016-08-17 02:10 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2016-09-24 15:24 - 2016-08-17 02:10 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2016-09-24 15:24 - 2016-08-17 02:10 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2016-09-24 15:24 - 2016-08-17 02:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2016-09-24 15:24 - 2016-08-17 02:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2016-09-24 15:24 - 2016-08-17 02:10 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2016-09-23 00:25 - 2016-08-05 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-09-23 00:25 - 2016-08-05 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2016-10-19 19:37 - 2016-06-18 15:21 - 00000000 ____D C:\Users\Rebecca\Downloads\Programs & setup files
    2016-10-19 19:09 - 2009-07-14 10:15 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-10-19 19:09 - 2009-07-14 10:15 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-10-19 19:05 - 2009-07-14 10:43 - 00924636 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-10-19 19:05 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
    2016-10-19 19:04 - 2016-06-18 02:40 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
    2016-10-19 18:59 - 2016-06-18 02:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-10-19 18:59 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-19 18:53 - 2016-07-13 04:10 - 00047784 _____ C:\Users\Rebecca\Downloads\text.txt
    2016-10-19 18:41 - 2016-06-18 02:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-10-19 18:21 - 2016-06-23 06:37 - 00000000 ____D C:\Users\Rebecca\AppData\Local\ElevatedDiagnostics
    2016-10-19 17:58 - 2016-06-18 15:43 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\DMCache
    2016-10-19 03:42 - 2016-06-18 02:22 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-10-15 17:06 - 2016-06-18 15:55 - 00000000 ____D C:\Users\Rebecca\AppData\Roaming\vlc
    2016-10-14 17:54 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\rescache
    2016-10-14 03:17 - 2016-09-15 12:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2016-10-14 03:17 - 2016-09-15 01:05 - 00000000 ____D C:\Users\Rebecca\Desktop\mbar
    2016-10-14 03:17 - 2016-06-26 23:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-10-14 02:42 - 2016-06-18 02:17 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-10-13 15:35 - 2016-06-18 14:43 - 00000000 ____D C:\Users\Rebecca\AppData\Local\JDownloader v2.0
    2016-10-13 13:46 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
    2016-10-13 13:30 - 2016-06-18 02:22 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
    2016-10-13 12:08 - 2009-07-14 10:15 - 00315760 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-10-13 12:06 - 2016-06-24 22:22 - 00000000 ___SD C:\Windows\system32\CompatTel
    2016-10-13 12:06 - 2016-06-24 22:22 - 00000000 ____D C:\Windows\system32\appraiser
    2016-10-12 22:51 - 2016-06-23 00:12 - 00000000 ____D C:\Windows\system32\MRT
    2016-10-12 22:44 - 2016-06-23 00:12 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-10-07 23:29 - 2016-04-24 05:32 - 00000000 ____D C:\Users\Rebecca\Downloads\My Stuff
    2016-10-06 19:46 - 2015-08-14 20:53 - 00000000 ____D C:\Users\Rebecca\Downloads\Texts
    2016-10-05 00:45 - 2016-06-18 01:00 - 00069832 _____ C:\Users\Rebecca\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-10-05 00:44 - 2016-08-18 19:21 - 00000000 ____D C:\Windows\system32\appmgmt
    2016-10-04 21:29 - 2016-06-18 01:45 - 00000000 ____D C:\Windows\System32\Tasks\Sony Corporation
    2016-10-04 21:29 - 2016-06-18 01:45 - 00000000 ____D C:\Program Files\Sony
    2016-10-04 01:12 - 2016-08-25 23:02 - 00000000 ____D C:\Users\Rebecca\Downloads\Pics
    2016-10-04 01:09 - 2016-08-05 18:42 - 00000000 ____D C:\Users\Rebecca\Downloads\IT
    2016-10-04 00:51 - 2016-06-18 02:43 - 00000000 ____D C:\Windows\pss
    2016-10-04 00:35 - 2016-07-06 23:40 - 00000000 ____D C:\Users\Rebecca\Downloads\Songs & christian videos
    2016-10-03 19:54 - 2016-06-18 14:36 - 00000000 ____D C:\Program Files\WinRAR
    2016-10-01 19:36 - 2016-06-18 02:27 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1466197035
    2016-09-29 17:03 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\tracing
    2016-09-26 13:56 - 2016-07-03 19:43 - 00000000 ___HD C:\Program Files And Folders
    2016-09-24 16:36 - 2016-09-15 15:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-09-24 16:12 - 2009-07-14 08:50 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2016-09-24 15:51 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2016-09-24 15:51 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\Dism
    2016-09-24 15:31 - 2016-06-18 02:13 - 00774404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-09-23 00:33 - 2016-06-18 02:22 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2016-09-20 21:26 - 2016-09-15 14:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware


    ==================== Files in the root of some directories =======


    2016-07-20 21:04 - 2016-07-20 21:04 - 0000057 _____ () C:\ProgramData\Ament.ini


    ==================== Bamital & volsnap ======================


    (There is no automatic fix for files that do not pass verification.)


    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




    LastRegBack: 2016-10-15 00:43


    ==================== End of FRST.txt ============================
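As an added example, not part of the original post or of the FRST tool itself: the "One Month Created/Modified" listings above follow a fixed line layout (created time, modified time, size, a five-character attribute field, an optional company string from the file's version information, then the path). The Python block below parses that layout and applies a few triage heuristics of the kind a forum helper applies when reading such a log: new scheduled-task files, binaries under C:\Windows with no company string, third-party kernel drivers, odd attribute bits outside C:\Windows, and "bursts" of files created in the same minute (usually one update or installer). The sample lines are copied from the log above; the rules and their wording are my own assumptions about what deserves a second look, not FRST's logic, and the company field is version-info text, not an Authenticode check, so every hit still needs confirming on the machine.

```python
"""Parse FRST 'Created'/'Modified' file listings and apply simple triage rules.

Line layout (one file or folder per line):
    <created> - <modified> - <size> <attrs> [(<company>)] <path>
<attrs> is five characters drawn from '_' and the letters R,S,H,D,C; FRST
prints '_' for an attribute that is not set and 'D' marks a directory.
"""
import re
from collections import Counter

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"   # optional '(Company) ' before the path
    r"(?P<path>.+)$"
)

BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".com", ".drv")

# Constructed sample: lines copied from the FRST log in this thread, plus one
# non-entry line to show that commentary is skipped rather than mis-parsed.
SAMPLE_LOG = r"""
2016-10-12 22:42 - 2016-10-12 22:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-12 22:42 - 2016-10-12 22:42 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-08 04:37 - 2016-10-08 04:37 - 00003142 _____ C:\Windows\System32\Tasks\HIbernate
2016-10-06 21:11 - 2016-10-06 21:11 - 00000000 ___HD C:\VTRoot
2016-10-04 23:12 - 2016-10-19 19:19 - 00016856 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-09-30 22:20 - 2016-09-30 22:20 - 00390776 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\TrufosAlt.sys
2016-09-24 16:13 - 2016-09-24 16:22 - 00000618 __RSH C:\ProgramData\ntuser.pol
2016-10-12 22:44 - 2016-06-23 00:12 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-20 21:04 - 2016-07-20 21:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-10-19 18:59 - 2016-06-18 02:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
(If an entry is included in the fixlist, the file/folder will be moved.)
"""


def parse_frst_line(line):
    """Return a dict for one FRST file line, or None for any other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"])
    entry["company"] = entry["company"] or None   # absent and '()' both -> None
    entry["is_dir"] = "D" in entry["attrs"]
    return entry


def parse_frst(text):
    """Parse every recognisable file line in a block of FRST output."""
    return [e for e in (parse_frst_line(l) for l in text.splitlines()) if e]


def triage(entry):
    """Heuristic review prompts for one entry (assumed rules, not FRST's).

    These are not verdicts: a hit means 'look at this', and the company
    string only reflects version info, so a signature/hash check on the
    live system is still required before calling anything malicious.
    """
    findings = []
    if entry["is_dir"]:
        return findings
    p = entry["path"].lower()
    company = entry["company"]
    in_windows = p.startswith("c:\\windows\\")
    is_binary = p.endswith(BINARY_EXT)
    if "\\system32\\tasks\\" in p or p.startswith("c:\\windows\\tasks\\"):
        findings.append("scheduled task written (persistence location)")
    if is_binary and in_windows and not company:
        findings.append("binary under C:\\Windows without version-info company")
    if is_binary and (p.startswith("c:\\users\\") or p.startswith("c:\\programdata\\")):
        findings.append("binary in user-writable location")
    if "\\drivers\\" in p:
        if p.endswith(".sys") and company != "Microsoft Corporation":
            findings.append(f"third-party kernel driver ({company or 'no company'})")
        elif not p.endswith(".sys"):
            findings.append("non-.sys file in the Drivers directory")
    if not in_windows and any(a in entry["attrs"] for a in "RSH"):
        findings.append(f"hidden/system/read-only attributes {entry['attrs']} outside C:\\Windows")
    return findings


def triage_log(text):
    """Map path -> findings for every entry that triggered at least one rule."""
    report = {}
    for entry in parse_frst(text):
        hits = triage(entry)
        if hits:
            report[entry["path"]] = hits
    return report


def creation_bursts(entries, top=3):
    """Most common creation minutes; a large burst is usually one update/installer."""
    return Counter(e["created"] for e in entries).most_common(top)


if __name__ == "__main__":
    for path, hits in triage_log(SAMPLE_LOG).items():
        print(path)
        for h in hits:
            print("   -", h)
    print("bursts:", creation_bursts(parse_frst(SAMPLE_LOG)))
```

Run on the full FRST.txt, the burst list separates the Windows Update batches (dozens of Microsoft files sharing one minute) from the singletons that deserve reading one by one; the per-entry rules are deliberately noisy and are meant to be tuned, for example by whitelisting vendors once their drivers have been confirmed by signature on the machine.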


  2. #2

    Re: Need help with detection of malware!

    As I could not post all three logs in the main post, I'm posting the remaining ones over here.
    Thanks again.

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
    Ran by Rebecca (19-10-2016 19:38:02)
    Running from C:\Users\Rebecca\Downloads\Programs & setup files
    Windows 7 Professional Service Pack 1 (X64) (2016-06-17 19:06:03)
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-2346135004-3240251215-1620024443-500 - Administrator - Disabled)
    Guest (S-1-5-21-2346135004-3240251215-1620024443-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2346135004-3240251215-1620024443-1002 - Limited - Enabled)
    Rebecca (S-1-5-21-2346135004-3240251215-1620024443-1000 - Administrator - Enabled) => C:\Users\Rebecca


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    7-Zip 16.03 (x64) (HKLM\...\7-Zip) (Version: 16.03 - Igor Pavlov)
    Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
    Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Atheros)
    ATI Catalyst Install Manager (HKLM\...\{158BEEC4-CC30-BF2F-248D-B52AF953E9C1}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
    AuthenTec WinBio FingerPrint Software (HKLM\...\{20F5F93B-9A27-4508-87B0-BFD7494FBEC4}) (Version: 3.1.0.80 - AuthenTec, Inc.)
    AutoHotkey 1.1.24.01 (HKLM\...\AutoHotkey) (Version: 1.1.24.01 - Lexikos)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    COMODO Firewall (HKLM\...\{C7C71F0C-4CC1-4B17-943C-96E5196DDA74}) (Version: 8.4.0.5165 - COMODO Security Solutions Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dashlane (HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\Dashlane) (Version: 4.6.1.18109 - Dashlane, Inc.)
    FormatFactory 3.9.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.9.5.0 - Free Time)
    Gobi_Firmware (HKLM-x32\...\Gobi_Firmware) (Version: - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.280 - SurfRight B.V.)
    HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
    HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HW Gobi 3000 Driver 1.07.00.00 (HKLM-x32\...\HW Gobi 3000 Driver) (Version: 1.07.00.00 - Huawei technologies Co., Ltd.)
    Intel PROSet Wireless (x32 Version: - ) Hidden
    Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3086 - Intel Corporation)
    Intel(R) Driver Update Utility 2.5 (x32 Version: 2.5.0.22 - Intel) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Product Improvement Program (x32 Version: 2.1.27.3 - Intel) Hidden
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{077BF055-512A-4D48-B3C2-44AD860FEB0A}) (Version: 1.3.0.0621 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{E7DC06A3-8516-4929-B712-80987AFFFB57}) (Version: 14.03.1000 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
    Intel® Driver Update Utility (HKLM-x32\...\{aa1dec3b-dc4b-4db0-8c18-9157457eff1f}) (Version: 2.5.0.22 - Intel)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
    JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
    LibreOffice 5.2.0.4 (HKLM-x32\...\{8FA59B7B-1D26-408F-A798-BD11A65A68B9}) (Version: 5.2.0.4 - The Document Foundation)
    Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Potplayer-64 bit (HKLM\...\PotPlayer64) (Version: - Kakao Corp.)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.0 - Renesas Electronics Corporation) Hidden
    Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
    SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
    SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)
    VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.0.0.07070 - Sony Corporation)
    VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.7.0.07150 - Sony Corporation)
    VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
    VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
    VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
    VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
    WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
    Windows Driver Package - Atheros Communications Inc. (athr) Net (03/11/2011 9.2.0.316) (HKLM\...\DEEBF3DD97A309C0E7791804AA8D9A15B1172EED) (Version: 03/11/2011 9.2.0.316 - Atheros Communications Inc.)
    Windows Driver Package - Sony Corporation (SFEP) HIDClass (11/27/2009 8.0.1.2) (HKLM\...\4E827A70BAA738C408DBDD024BCACE5085D946F1) (Version: 11/27/2009 8.0.1.2 - Sony Corporation)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {16288A41-C2C5-4FAF-AE9F-35F568206DAF} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-07-07] (Sony Corporation)
    Task: {1EB78963-8973-4D83-A0E9-AE408E3A5170} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
    Task: {2588A928-8489-41B3-BD0C-746BEEE9535E} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2011-07-07] (Sony Corporation)
    Task: {283895E1-BA16-47B7-8A86-9E8B6D0F4B0E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-31] (AVAST Software)
    Task: {3AAD9128-4173-4211-9DF2-7A4632E205A4} - System32\Tasks\HIbernate => C:\Windows\SysWOW64\shutdown.exe [2009-07-14] (Microsoft Corporation)
    Task: {3C86DB85-51B2-4D9F-9B4A-E7C05DB73CF5} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
    Task: {4573E870-ED1F-4016-96CC-00A2157C611C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-18] (AVAST Software)
    Task: {535F57D9-3E05-47F5-B17D-17D80EE53860} - System32\Tasks\{9BAB684E-7944-4F8A-9C13-6EC483B66685} => pcalua.exe -a "E:\15. broadcam bluetooth driver.EXE" -d E:\
    Task: {581588FE-D751-48EE-85D7-58972EE43064} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {61BB0537-A514-4D1F-A714-F6A6C13E57FA} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
    Task: {66280527-3B64-4833-89A4-2F235768FD9D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-18] (Google Inc.)
    Task: {7D0B1F98-1412-49B9-83E1-76F6DAD12DBE} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
    Task: {8816E919-F55C-494D-95CB-E5C67BDFD8B7} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
    Task: {94CE11CA-2F2F-437A-B9B8-646288873B5C} - System32\Tasks\SafeZone scheduled Autoupdate 1466197035 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
    Task: {9C629BC6-692E-4F55-8E3C-A1DBFBC42510} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => C:\Program Files\Sony\VAIO Smart Network\VSNClient [Argument = /Start]
    Task: {A1491F84-6B64-4D60-A8E7-FA6210E12F6F} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2011-05-31] (Sony Corporation)
    Task: {DCBE3875-86A4-4E94-8288-5EA2526F3BFD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-18] (Google Inc.)
    Task: {E33F2BF6-A8CB-4662-BBAD-7B99863461FA} - System32\Tasks\BDRemovalTool => C:\Users\Rebecca\AppData\Local\Temp\BDRemovalTool\BDRemovalTool.exe <==== ATTENTION
    Task: {EEDE3F1A-861E-49FF-8F84-25B8A821E964} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-09-14] (COMODO)
    Task: {F3E11926-3D97-4CED-AD61-1FDB91E84D6A} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-09-14] (COMODO)
    Task: {F5001264-539A-4221-B86D-9E2BF6800BA5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {FD5D3BF6-307F-4DB8-8721-0461985A10CA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


    ==================== Shortcuts =============================


    (The entries could be listed to be restored or removed.)


    ShortcutWithArgument: C:\Users\Rebecca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Rebecca - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default


    ==================== Loaded Modules (Whitelisted) ==============


    2012-01-04 11:28 - 2012-01-04 11:28 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2016-06-18 13:37 - 2016-03-09 20:43 - 00416408 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
    2016-06-18 13:37 - 2016-03-09 20:43 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
    2016-06-18 13:37 - 2016-03-09 20:43 - 00130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
    2016-06-18 13:37 - 2016-03-09 20:43 - 00025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
    2016-06-18 13:37 - 2016-03-09 20:43 - 00059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
    2016-06-18 13:37 - 2016-03-09 20:43 - 00194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
    2016-06-18 13:37 - 2016-03-09 20:43 - 00159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
    2016-06-18 13:37 - 2016-03-09 20:43 - 00158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
    2016-06-18 13:37 - 2016-03-09 20:43 - 00050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
    2016-06-18 13:37 - 2016-03-09 20:43 - 00032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
    2016-10-04 00:17 - 2016-10-04 00:17 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Caps.exe
    2016-10-04 02:08 - 2016-10-04 02:06 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Copy.exe
    2016-10-04 01:32 - 2016-10-04 01:33 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Copycontents.exe
    2016-10-03 21:29 - 2016-10-03 21:29 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\dashlane.exe
    2016-10-03 21:52 - 2016-10-03 21:52 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Downloads.exe
    2016-10-04 01:42 - 2016-10-04 01:42 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\FavSongs.exe
    2016-10-03 21:07 - 2016-10-03 21:07 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Google.exe
    2016-10-08 00:53 - 2016-10-08 00:53 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Hidemedia1.exe
    2016-10-03 21:19 - 2016-10-03 21:19 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\LibreOffice.exe
    2016-10-03 23:04 - 2016-10-03 23:04 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Notepad.exe
    2016-10-04 01:08 - 2016-10-04 01:08 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Paint.exe
    2016-10-03 21:09 - 2016-10-03 21:09 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Recycle.exe
    2016-10-04 00:44 - 2016-10-04 00:44 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Song.exe
    2016-10-08 00:52 - 2016-10-08 00:52 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Text1.exe
    2016-10-04 00:44 - 2016-10-04 00:44 - 01087488 ____H () C:\Users\Rebecca\Desktop\Programs\Tutorial.exe
    2016-10-04 19:43 - 2016-09-25 11:32 - 02279528 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
    2016-10-04 19:43 - 2016-09-25 11:32 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libegl.dll
    2016-10-02 14:23 - 2016-09-22 17:38 - 00535424 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\DashlanePlugin.exe
    2016-08-31 14:39 - 2016-08-31 14:39 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-10-13 14:33 - 2016-10-13 14:33 - 03118936 _____ () C:\Program Files\AVAST Software\Avast\defs\16101300\algo.dll
    2016-08-31 14:39 - 2016-08-31 14:39 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-06-18 01:45 - 2011-07-07 15:44 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
    2016-06-26 23:12 - 2016-06-26 23:12 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-07-29 13:35 - 2016-07-29 13:35 - 01034856 _____ () C:\Program Files (x86)\LibreOffice 5\program\libxml2.dll
    2016-07-29 13:35 - 2016-07-29 13:35 - 00404072 _____ () C:\Program Files (x86)\LibreOffice 5\program\glew32.dll
    2016-07-29 13:35 - 2016-07-29 13:35 - 00182888 _____ () C:\Program Files (x86)\LibreOffice 5\program\libxslt.dll
    2016-07-29 13:35 - 2016-07-29 13:35 - 00116328 _____ () C:\Program Files (x86)\LibreOffice 5\program\python3.dll
    2016-07-29 11:35 - 2016-07-29 11:35 - 00049152 _____ () C:\Program Files (x86)\LibreOffice 5\program\python-core-3.3.0\lib\_socket.pyd
    2016-10-02 14:23 - 2016-09-22 17:33 - 00347520 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.6.1.18109.dll
    2016-10-02 14:23 - 2016-09-22 17:33 - 00436096 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.6.1.18109.dll
    2016-10-02 14:23 - 2016-09-22 17:33 - 00469376 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.6.1.18109.dll
    2016-10-02 14:23 - 2016-09-22 17:33 - 63126912 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.6.1.18109.dll
    2016-10-02 14:23 - 2016-09-22 17:33 - 00292736 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.6.1.18109.dll
    2016-10-02 14:23 - 2016-09-22 17:33 - 06294912 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.6.1.18109.dll
    2016-10-02 14:23 - 2016-09-22 17:33 - 07412608 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.6.1.18109.dll
    2016-10-02 14:23 - 2016-09-22 17:33 - 13651840 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.6.1.18109.dll
    2016-10-02 14:23 - 2016-09-22 17:33 - 02284928 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.6.1.18109.dll
    2016-10-02 14:23 - 2016-09-22 17:33 - 00334208 _____ () C:\Users\Rebecca\AppData\Roaming\Dashlane\4.6.1.18109\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.6.1.18109.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)


    AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]


    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86159243.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86159243.sys => ""="Driver"


    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)


    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com


    There are 7914 more sites.


    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\...\123simsen.com -> www.123simsen.com


    There are 7914 more sites.




    ==================== Hosts content: ==========================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2009-07-14 08:04 - 2016-09-15 15:39 - 00453264 ____R C:\Windows\system32\Drivers\etc\hosts


    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com


    There are 15554 more lines.




    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-2346135004-3240251215-1620024443-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rebecca\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    MSCONFIG\Services: !SASCORE => 2
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: AMPPALR3 => 2
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: Bluetooth Device Monitor => 2
    MSCONFIG\Services: Bluetooth Media Service => 3
    MSCONFIG\Services: Bluetooth OBEX Service => 2
    MSCONFIG\Services: Bonjour Service => 2
    MSCONFIG\Services: BTHSSecurityMgr => 2
    MSCONFIG\Services: btwdins => 2
    MSCONFIG\Services: ESRV_SVC => 2
    MSCONFIG\Services: EvtEng => 2
    MSCONFIG\Services: FPLService => 2
    MSCONFIG\Services: GobiQDLService => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: IAStorDataMgrSvc => 2
    MSCONFIG\Services: IconMan_R => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: MyWiFiDHCPDNS => 3
    MSCONFIG\Services: RegSrvc => 2
    MSCONFIG\Services: SDScannerService => 2
    MSCONFIG\Services: SDUpdateService => 2
    MSCONFIG\Services: SDWSCService => 2
    MSCONFIG\Services: SystemUsageReportSvc_WILLAMETTE => 2
    MSCONFIG\Services: UNS => 2
    MSCONFIG\Services: USER_ESRV_SVC => 3
    MSCONFIG\Services: USER_ESRV_SVC_WILLAMETTE => 3
    MSCONFIG\Services: VAIO Event Service => 2
    MSCONFIG\Services: VAIO Power Management => 2
    MSCONFIG\Services: VCService => 3
    MSCONFIG\Services: VSNService => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupreg: Apoint => %ProgramFiles%\Apoint\Apoint.exe
    MSCONFIG\startupreg: AutoStarter => C:\ProgramData\AutoStarter\AutoStarter.exe
    MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    MSCONFIG\startupreg: ClientAppLogon => C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
    MSCONFIG\startupreg: ClientAppLogon32 => C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
    MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
    MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
    MSCONFIG\startupreg: IntelPAN => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
    MSCONFIG\startupreg: ISBMgr.exe => "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
    MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{3BF82DB6-E287-4F38-A0D5-CFF433A4DF41}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{8773A470-EAA6-4304-B8C7-10E1538ECF02}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{A3870A18-4727-46C8-BFEF-3719A4D6FE87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{1FF536AE-EEFF-43CF-8BB6-9A34C9408ED3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{2F561A12-AE40-4F5D-8BB2-98C40EF612BD}C:\program files\sony\vaio care\vcsystemtray.exe] => (Allow) C:\program files\sony\vaio care\vcsystemtray.exe
    FirewallRules: [UDP Query User{90E48BC1-5080-4C58-AECE-E399242D4E41}C:\program files\sony\vaio care\vcsystemtray.exe] => (Allow) C:\program files\sony\vaio care\vcsystemtray.exe
    FirewallRules: [{5537A207-956C-4D12-9BB4-5D15E2ACD02A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service


    ==================== Restore Points =========================


    06-10-2016 19:46:27 Checkpoint by HitmanPro
    07-10-2016 12:15:47 Revo Uninstaller's restore point - AutoHotkey 1.1.24.01
    12-10-2016 22:43:21 Windows Update
    13-10-2016 13:26:48 Windows Update
    14-10-2016 03:00:17 Windows Update
    15-10-2016 03:00:13 Windows Update
    15-10-2016 09:37:56 Windows Update
    16-10-2016 03:00:16 Windows Update
    16-10-2016 23:26:36 Windows Update
    17-10-2016 03:00:14 Windows Update
    18-10-2016 03:00:15 Windows Update


    ==================== Faulty Device Manager Devices =============




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (10/19/2016 06:59:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (10/17/2016 04:52:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (10/16/2016 11:28:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (10/16/2016 10:06:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (10/15/2016 09:39:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (10/15/2016 03:03:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (10/14/2016 11:53:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (10/13/2016 11:28:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (10/13/2016 10:23:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


    Error: (10/13/2016 09:48:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.




    System errors:
    =============
    Error: (10/19/2016 07:01:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB3177467).


    Error: (10/18/2016 01:30:24 PM) (Source: Tcpip) (EventID: 4199) (User: )
    Description: The system detected an address conflict for IP address 0.0.0.0 with the system
    having network hardware address 00-00-00-00-00-00. Network operations on this system may
    be disrupted as a result.


    Error: (10/17/2016 04:56:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB3177467).


    Error: (10/16/2016 11:31:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB3177467).


    Error: (10/16/2016 10:34:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.


    Error: (10/16/2016 10:10:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB3177467).


    Error: (10/15/2016 09:43:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB3177467).


    Error: (10/15/2016 03:31:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.


    Error: (10/15/2016 03:07:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB3177467).


    Error: (10/15/2016 12:21:29 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Avast Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.




    CodeIntegrity:
    ===================================
    Date: 2016-07-31 15:36:26.738
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-07-31 15:36:15.116
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-07-31 15:36:15.038
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-07-31 14:43:49.422
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-07-31 14:43:35.741
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-07-31 14:43:35.585
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-07-31 12:50:45.329
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-07-31 12:50:31.819
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-07-31 12:50:31.726
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


    Date: 2016-07-30 19:36:27.051
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\idmwfp.sys because the set of per-page image hashes could not be found on the system.




    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz
    Percentage of memory in use: 57%
    Total physical RAM: 6059.82 MB
    Available physical RAM: 2571.7 MB
    Total Virtual: 12117.83 MB
    Available Virtual: 7795.8 MB


    ==================== Drives ================================


    Drive c: () (Fixed) (Total:931.41 GB) (Free:501.45 GB) NTFS ==>[drive with boot components (obtained from BCD)]


    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EEEF3C86)
    Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)


    ==================== End of Addition.txt ============================
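The AlternateDataStreams block above is several hundred near-identical lines, which is exactly where a single odd entry hides. The following is an added example for readers of this log, not code from FRST or from any post in this thread: a small Python triage script that parses FRST-style `AlternateDataStreams:` lines, groups them by stream name, and flags entries whose stream name is not on a short allow-list or whose size is out of proportion for a vendor tag. The allow-list is an assumption made for the example (the `$CmdTcID` name is associated with COMODO Internet Security, which the Security Analysis below lists as the installed firewall); the sample lines are constructed from the log's format, with one made-up entry so the flagging path is exercised.

```python
"""Triage the AlternateDataStreams lines of an FRST Addition.txt.

Added example for this thread, not part of FRST or of the original posts.
Groups streams by name and flags unknown stream names and unusual sizes,
so a wall of identical vendor tags can be separated from the odd one out.
"""
import re
from collections import Counter, defaultdict

# Stream names with a known origin. $CmdTcID is associated with COMODO
# Internet Security, which tags files it has rated; Zone.Identifier is the
# Windows mark-of-the-web. Anything else is worth a closer look. This
# allow-list is an assumption for the example, not an FRST setting.
KNOWN_STREAMS = {
    "$CmdTcID": "COMODO Internet Security file-rating tag",
    "Zone.Identifier": "Windows mark-of-the-web (download origin)",
}

# FRST format: "AlternateDataStreams: <path>:<stream> [<size>]".
# The stream name may not contain ':', '\' or whitespace, which is what
# keeps the drive-letter colon inside <path>.
ADS_LINE = re.compile(
    r"^\s*AlternateDataStreams:\s+"
    r"(?P<path>.+?):(?P<stream>[^:\\\[\]\s]+)\s+\[(?P<size>\d+)\]\s*$"
)


def parse_ads_lines(text):
    """Yield (path, stream, size) for every AlternateDataStreams line."""
    for line in text.splitlines():
        m = ADS_LINE.match(line)
        if m:
            yield m.group("path"), m.group("stream"), int(m.group("size"))


def triage(text, size_limit=1024):
    """Summarise streams by name and return the entries worth a closer look.

    An entry is flagged when its stream name is not in KNOWN_STREAMS, or
    when a known stream is larger than size_limit bytes (a vendor tag is
    tens of bytes; a payload tucked into a stream is not).
    """
    counts = Counter()
    sizes = defaultdict(set)
    flagged = []
    for path, stream, size in parse_ads_lines(text):
        counts[stream] += 1
        sizes[stream].add(size)
        if stream not in KNOWN_STREAMS:
            flagged.append((path, stream, size, "unknown stream name"))
        elif size > size_limit:
            flagged.append((path, stream, size, "known stream, unusual size"))
    return {
        "counts": dict(counts),
        "sizes": {name: sorted(s) for name, s in sizes.items()},
        "flagged": flagged,
    }


# Constructed sample: three lines in the format of the log above plus one
# made-up entry (sample.txt:hidden) so that the flagging path is exercised.
SAMPLE = """\
AlternateDataStreams: C:\\Windows\\SysWOW64\\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\\Windows\\system32\\Drivers\\mrxdav.sys:$CmdTcID [130]
AlternateDataStreams: C:\\Windows\\SysWOW64\\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\\Users\\Public\\sample.txt:hidden [40960]
"""

if __name__ == "__main__":
    report = triage(SAMPLE)
    for stream, n in report["counts"].items():
        print(f"{stream}: {n} file(s), sizes {report['sizes'][stream]}")
    for path, stream, size, why in report["flagged"]:
        print(f"FLAG {path}:{stream} [{size}] - {why}")
```

Run against a whole Addition.txt, the "counts" summary collapses the hundreds of `$CmdTcID [64]` lines into one row, and only entries with a different stream name or a large size survive into "flagged". A stream that is flagged here still has to be read on the machine itself before any conclusion is drawn; the script only sorts the log.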

  3. #3

    Re: Need help with detection of malware!

    Result of Security Analysis by Rocket Grannie (x86) Updated: 16th October, 2016
    Running from:C:\Users\Rebecca\Downloads\Programs & setup files (19:49:05 - 10/19/2016)
    ***---------------------------------------------------------***
    Microsoft Windows 7 Professional X64 Service Pack 1
    UAC is Enabled!
    Internet Explorer *Internet Explorer is out of Date*
    Default Browser: Google Chrome
    ***-----------------Anti-Virus - Firewall-------------------***
    Avast Antivirus (Enabled - Up to Date)
    Firewall: Comodo Firewall
    ***----------------AntiSpyware - Miscellaneous---------------***
    Adobe Flash Player Plugin is not installed
    HitmanPro (version 3.7)
    Malwarebytes Anti-Exploit (version 1.8.1.2572)
    Malwarebytes Anti-Malware (version 2.2.1.1043)
    Spybot - Search & Destroy (version 2.4)
    SUPERAntiSpyware (version 6)
    Windows Live Essentials (version 16.4)


    Google Chrome (version 53.0.2785.143) is *out of Date*


    ***----------------Analysis Complete-------------------------***

  4. #4
    Corrine (Join Date: Feb 2012; Location: Upstate, NY; Posts: 8,107)

    Re: Need help with detection of malware!

    Hi, Rebecca. Welcome to Sysnative!
    I often come across various ads which seem highly suspicious, & i have to close them before i can view the episodes. so i highly suspect that my security has been compromised.
    Sites providing online streaming of TV shows do tend to have rather questionable ads, which is what I believe you are running into rather than malware. Since Google Chrome is your default browser (which you need to update since it is out of date!), you may want to select one of the ad-block extensions listed below (or go to the Chrome Web Store and select one from the extensions available there):

    uBlock Origin: uBlock Origin - Chrome Web Store
    Adblock Plus: Adblock Plus - Chrome Web Store

    Both of those extensions are also available for Firefox and Adblock Plus is available for IE. Please give one of the extensions a try and let me know if that makes a difference.

    1. Regarding your use of MSCONFIG: Please keep in mind the following from Using System Configuration (msconfig) - Windows Help:

    System Configuration is a tool that can help identify problems that might prevent Windows from starting correctly. You can start Windows with common services and startup programs turned off and then turn them back on, one at a time. If a problem doesn't occur when a service is turned off, but does occur when that service is turned on, then the service could be the cause of the problem.

    System Configuration is intended to find and isolate problems, but it's not meant as a startup management program. {Bold added}
    In other words, MSConfig is useful for troubleshooting but not for managing startup programs. Using MSConfig can lock malware in the registry, only to become apparent should it be restored to normal start up. In addition, registry and startup entries in MSConfig end up as leftovers when uninstalling a program.

    2. Let's do a bit of cleanup. Please do the following to run FRST:

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
    • Open Notepad (Start =>All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.
    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    GroupPolicy: Restriction <======= ATTENTION
    AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86159243.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86159243.sys => ""="Driver"
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST.exe | FRST64.exe
      • Please post the log in your next reply.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  5. #5

    Re: Need help with detection of malware!

    Thank you so much for your help..
    Thanks a ton..
    I never knew I'd get your reply this fast :)

    Thanks again for your suggestion.. I've now installed the uBlock Origin extension for Chrome..
    & I've updated it too..

    & about the msconfig thing.. I have been living with the misconception that I could use it as a start-up manager.. Thanks for your explanation.. I now get it..

    I did what you said.. & I've pasted the log here..
    (PS: after the system reboot, when I tried to start AutoHotkey (which I always use) the system started behaving weirdly. The window crashed. And then when I tried to open any window, nothing happened. I waited for a good 10 minutes but still nothing happened. Then I tried to restart.. But the "logging off" screen remained forever & I abruptly turned it off using the power button. After starting it again, I'm having no issues..)


    Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
    Ran by Rebecca (26-10-2016 01:11:36) Run:1
    Running from C:\Users\Rebecca\Downloads\Programs & setup files
    Loaded Profiles: Rebecca & (Available Profiles: Rebecca)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    GroupPolicy: Restriction <======= ATTENTION
    AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\inetcomm.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\INETRES.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\inetcomm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\INETRES.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\MSVidCtl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\86159243.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\86159243.sys => ""="Driver"
    EmptyTemp:
    end
    *****************


    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
    C:\Windows\system32\GroupPolicy\Machine => moved successfully
    C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
    C:\Windows\system32\adsmsext.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\adtschema.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\advapi32.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\apisetschema.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\appidapi.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\appidcertstorecheck.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\appidpolicyconverter.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\appidsvc.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\auditpol.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\certcli.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\conhost.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\credssp.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\cryptbase.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\csrsrv.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\davclnt.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\DWrite.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\FntCache.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\inetcomm.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\INETRES.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\kerberos.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\kernel32.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\KernelBase.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\lsasrv.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\lsass.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\MRT.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\msaudite.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\msobjs.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\msv1_0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\MSVidCtl.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\ncrypt.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\ntdll.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\ntoskrnl.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\ntvdm64.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\rpchttp.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\rpcrt4.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\rstrui.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\schannel.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\secur32.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\setbcdlocale.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\smss.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\srclient.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\srcore.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\sspicli.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\sspisrv.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\TSpkg.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\wdigest.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\WebClnt.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\win32k.sys => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\winload.efi => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\winresume.efi => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\winsrv.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\wow64.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\wow64cpu.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\wow64win.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\adsmsext.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\adtschema.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\advapi32.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\apisetschema.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\appidapi.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\auditpol.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\certcli.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\credssp.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\cryptbase.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\davclnt.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\DWrite.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\inetcomm.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\INETRES.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\instnm.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\kerberos.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\kernel32.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\KernelBase.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\msaudite.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\msobjs.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\msv1_0.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\MSVidCtl.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\ncrypt.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\ntdll.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\ntkrnlpa.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\ntoskrnl.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\ntvdm64.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\rpchttp.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\rpcrt4.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\schannel.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\secur32.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\setup16.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\srclient.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\sspicli.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\TSpkg.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\user.exe => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\wdigest.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\WebClnt.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\SysWOW64\wow32.dll => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\Drivers\appid.sys => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\Drivers\dfsc.sys => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\Drivers\ksecdd.sys => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\Drivers\ksecpkg.sys => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\Drivers\mrxdav.sys => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\Drivers\mrxsmb.sys => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\Drivers\mrxsmb10.sys => ":$CmdTcID" ADS could not remove.
    C:\Windows\system32\Drivers\mrxsmb20.sys => ":$CmdTcID" ADS could not remove.
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\86159243.sys" => key removed successfully
    "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\86159243.sys" => key removed successfully
    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 80734695 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 1907398 B
    Edge => 0 B
    Chrome => 26066628 B
    Firefox => 135468 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 66228 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 617 B
    systemprofile32 => 10531 B
    LocalService => 132244 B
    NetworkService => 13360 B
    Rebecca => 12262831 B
    Fireflies & Stars => 123873 B

    RecycleBin => 0 B
    EmptyTemp: => 123.8 MB temporary data Removed.

    ================================

    The system needed a reboot.

    ==== End of Fixlog 01:12:40 ====

  6. #6
    Corrine (Join Date: Feb 2012; Location: Upstate, NY; Posts: 8,107)

    Re: Need help with detection of malware!

    Hi, Rebecca.

    You're welcome. We do our best to help our members as quickly as we can. With the ad-block software, are you no longer seeing the suspicious ads? Just to be sure, let's run another program:

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Right-click on AdwCleaner.exe and select Run As Administrator
    • The tool will start to update the database, please wait a bit.
    • Click on the Scan button.
    • AdwCleaner will begin. Please be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  7. #7

    Re: Need help with detection of malware!

    Yes, I have never seen replies as fast as this in any other forum.. Just amazing & thanks a ton again :)
    It's a great help to novice users like me.. :)


    Actually I'm sorry.. I had installed uBlock Origin, not ad-block.. But then uBlock Origin is just great.. I'm not seeing any suspicious & annoying ads.. It indeed does wonders.. :) Thank you so much for letting me know about this. All the annoying ads are now gone & all I can do is smile! :)


    Yes, I've done what you asked me to, & I've posted the log as well.. I can't believe that these toolbars were actually present! I had been very keen right from the start about carefully installing programs only from known authors & had unchecked crap like this during installs. Still they managed to creep in? & I had uninstalled Internet Explorer also, so this is shocking to me!


    Is everything clean now?? Or should I do something else?? :)
    Thanks a ton again :) Will be forever grateful :)




    # AdwCleaner v6.030 - Logfile created 28/10/2016 at 08:03:49
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-10-27.1 [Server]
    # Operating System : Windows 7 Professional Service Pack 1 (X64)
    # Username : Rebecca - REBECCA-PC
    # Running from : C:\Users\Rebecca\Downloads\Programs & setup files\adwcleaner_6.030.exe
    # Mode: Clean
    # Support : hxxps://www.malwarebytes.com/support

    ***** [ Services ] *****

    ***** [ Folders ] *****

    ***** [ Files ] *****

    ***** [ DLL ] *****

    ***** [ WMI ] *****

    ***** [ Shortcuts ] *****

    ***** [ Scheduled Tasks ] *****

    ***** [ Registry ] *****

    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com

    ***** [ Web browsers ] *****

    [-] [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: ask.com

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [1222 Bytes] - [28/10/2016 08:03:49]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1492 Bytes] - [28/10/2016 07:52:16]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1368 Bytes] ##########

  8. #8
    Corrine (Join Date: Feb 2012; Location: Upstate, NY; Posts: 8,107)

    Re: Need help with detection of malware!

    Hi, Rebecca.

    Comments such as yours are the very reason I devote time to helping others. It is great to know that I put a smile on your face!

    I had been very keen right from the start about carefully installing programs only from known authors & had unchecked crap like this during installs.
    Yes, the practice of pre-checked optional programs offered with updates/downloads is very frustrating. You may be interested in using Unchecky - Keeps your checkboxes clear.

    Now that your computer is "back to normal", let's take care of removing the tools used:

    Please download Delfix from here.

    Ensure the following boxes are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Click Run

    The program will run for a few moments and then notepad will open with a log which you can close.



  9. #9

    Re: Need help with detection of malware!

    It's extremely sweet of you to actually try & help others. Not many will have the heart to do so :) Thanks a ton again.. :)

    Will try Unchecky for sure.. Sounds interesting.. Download has already begun :)

    BTW, when I ran AdwCleaner yesterday, just to ensure that everything is alright, I again found those 2 annoying toolbars!! Not sure what to do now. Why do they keep appearing again & again?? Please help me out.. Please..
    ( PS: I use Jdownloader2 to download files from the internet.. I've read that it comes with malware. But I had taken good care not to install any malware that came with it. Can auto-update of that software download malware into my system without my knowledge?
    And I use catchvideo.net to download some episodes which Jdownloader2 can't.. )

    And one more doubt: why is it necessary to remove the tools?? Can't I keep them just to perform some scans once a week?? :)

    Here is the log for the second scan..

    # AdwCleaner v6.030 - Logfile created 28/10/2016 at 20:40:43
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-10-28.1 [Server]
    # Operating System : Windows 7 Professional Service Pack 1 (X64)
    # Username : Rebecca - REBECCA-PC
    # Running from : C:\Users\Rebecca\Downloads\Programs & setup files\adwcleaner_6.030.exe
    # Mode: Scan
    # Support : Malwarebytes | Customer Support & Help Center

    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious keys found.

    ***** [ Shortcuts ] *****

    No infected shortcut found.

    ***** [ Scheduled Tasks ] *****

    No malicious task found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Web browsers ] *****

    No malicious Firefox based browser items found.
    Chrome pref Found: [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
    Chrome pref Found: [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [1451 Bytes] - [28/10/2016 08:03:49]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1492 Bytes] - [28/10/2016 07:52:16]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1339 Bytes] - [28/10/2016 08:33:52]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1421 Bytes] - [28/10/2016 20:40:43]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1494 Bytes] ##########

  10. #10
    Corrine (Join Date: Feb 2012; Location: Upstate, NY; Posts: 8,107)

    Re: Need help with detection of malware!

    Hi, Rebecca.

    This was the first time I've heard about either catchvideo.net or Jdownloader2. I didn't see anything questionable about catchvideo but would advise caution with Jdownloader2. Although the majority of the user input reviewing Jdownloader2 at WOT reports it safe, in addition to reports of browser hijacks, toolbars, etc., hpHOSTS reported, "Engaged in the use of misleading marketing tactics." For the record, hpHOSTS is managed by a fellow MVP and, additionally, it is "Powered by Malwarebytes". Is Jdownloader.org Safe? Community Reviews | WOT (Web of Trust) and hpHosts Online.

    Note the difference in bold between the two AdwCleaner scans:
    AdwCleaner First Scan Result (with Clean):
    [-] [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Profile 2\Web data] [Search Provider] Deleted: ask.com

    AdwCleaner Second Scan Result (with Scan):
    Chrome pref Found: [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
    Chrome pref Found: [C:\Users\Rebecca\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

    I don't know why the first scan/clean didn't include the files shown in the location of the second scan. However, let's see what happens when you use the AdwCleaner "Clean" option this time, plus add another tool to the mix.

    1. Double-click AdwCleaner.exe to run the tool again.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin to scan your computer like it did before.
    • After the scan has finished, this time click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    2. Please download Junkware Removal Tool to your desktop.
    • Disable your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



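The two AdwCleaner results quoted in the post above differ only in the Chrome profile directory: the first Clean removed aol.com and ask.com from "Profile 2\Web data", and the later Scan found the same providers in "Default\Web data". Every Chrome profile (Default, Profile 1, Profile 2, ...) keeps its own "Web data" SQLite file, so a check that reads one profile says nothing about the others. The script below is an added example, not code from the thread, from AdwCleaner or from Malwarebytes: it walks every profile directory under a Chrome "User Data" folder, queries a copy of each "Web data" file (Chrome holds the original locked while it runs), reads the search providers from the `keywords` table and reports every provider whose host is not on an allow-list. It assumes the `keywords` table has `short_name`, `keyword` and `url` columns (check this against your Chrome version); the allow-list `ALLOWED_HOSTS` and the two-profile fixture built by `build_sample_user_data()` are constructed for the demo, mirroring the profiles named in the logs.

```python
"""Audit search providers in every Chrome profile, not just one.

Added example (not from the thread, not AdwCleaner code). Assumes the
"Web data" SQLite file's `keywords` table has short_name, keyword and url
columns; the profiles built by build_sample_user_data() are constructed.
"""
import os
import re
import shutil
import sqlite3
import tempfile

# Chrome user profile directories are "Default" and "Profile N"; other
# directories under User Data (e.g. "System Profile") hold no user search engines.
PROFILE_DIR_RE = re.compile(r"^(Default|Profile \d+)$")
# Assumed allow-list: providers the owner actually chose; everything else is reported.
ALLOWED_HOSTS = ("google.com", "bing.com", "duckduckgo.com")
# Assumed minimal schema for the demo fixture (real Chrome has more columns).
KEYWORDS_DDL = ("CREATE TABLE keywords (id INTEGER PRIMARY KEY, "
                "short_name TEXT, keyword TEXT, url TEXT)")


def _host(url):
    """Host part of a search URL template; Chrome stores Google as {google:baseURL}."""
    if url.startswith("{google:baseURL}"):
        return "google.com"
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", url, re.I)
    host = (m.group(1) if m else url).lower()
    return host[4:] if host.startswith("www.") else host


def _is_allowed(host, allowed):
    """True if host equals an allowed host or is a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def list_profiles(user_data_dir):
    """Profile directories under User Data that contain a Web data file."""
    return sorted(d for d in os.listdir(user_data_dir)
                  if PROFILE_DIR_RE.match(d)
                  and os.path.isfile(os.path.join(user_data_dir, d, "Web data")))


def read_search_providers(web_data_path):
    """Return (short_name, keyword, url) rows; queries a copy since Chrome locks the file."""
    fd, copy_path = tempfile.mkstemp(suffix=".sqlite")
    os.close(fd)
    try:
        shutil.copyfile(web_data_path, copy_path)
        con = sqlite3.connect(copy_path)
        try:
            return con.execute("SELECT short_name, keyword, url FROM keywords").fetchall()
        finally:
            con.close()
    finally:
        os.unlink(copy_path)


def audit_profiles(user_data_dir, allowed=ALLOWED_HOSTS):
    """List (profile, short_name, keyword, host) for every provider not on the allow-list."""
    findings = []
    for profile in list_profiles(user_data_dir):
        path = os.path.join(user_data_dir, profile, "Web data")
        for short_name, keyword, url in read_search_providers(path):
            host = _host(url)
            if not _is_allowed(host, allowed):
                findings.append((profile, short_name, keyword, host))
    return findings


def build_sample_user_data(root):
    """Constructed fixture: profiles like those in the AdwCleaner logs (not real Chrome data)."""
    google = ("Google", "google.com", "{google:baseURL}search?q={searchTerms}")
    sample = {
        "Default": [google,
                    ("AOL", "aol.com", "https://search.aol.com/aol/search?q={searchTerms}"),
                    ("Ask", "ask.com", "https://www.ask.com/web?q={searchTerms}")],
        "Profile 2": [google,
                      ("Bing", "bing.com", "https://www.bing.com/search?q={searchTerms}")],
        "System Profile": [google],  # present on disk but not a user profile: skipped
    }
    user_data = os.path.join(root, "User Data")
    for profile, rows in sample.items():
        os.makedirs(os.path.join(user_data, profile))
        con = sqlite3.connect(os.path.join(user_data, profile, "Web data"))
        con.execute(KEYWORDS_DDL)
        con.executemany("INSERT INTO keywords (short_name, keyword, url) VALUES (?, ?, ?)", rows)
        con.commit()
        con.close()
    return user_data


def run_demo():
    """Build the fixture in a temp dir, audit it, clean up; returns (profiles, findings)."""
    root = tempfile.mkdtemp(prefix="chrome-audit-")
    try:
        user_data = build_sample_user_data(root)
        return list_profiles(user_data), audit_profiles(user_data)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    profiles, findings = run_demo()
    print("profiles checked:", ", ".join(profiles))
    for profile, name, keyword, host in findings:
        print(f"{profile}: unexpected search provider {name!r} ({keyword}) -> {host}")
```

Against a real machine, call `audit_profiles(r"C:\Users\<name>\AppData\Local\Google\Chrome\User Data")` with Chrome closed or let the copy step handle the lock. Anything it lists that you did not add yourself is a candidate for removal, and a provider that comes back after a clean, as in post #9, points at whatever re-adds it (an extension, an installer, or Chrome Sync restoring search engines from another signed-in device) rather than at the database file itself.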
  11. #11

    Re: Need help with detection of malware!

    Thank you so, so much for suggesting this to me, & for taking out your precious time to help me. Yes, I'll be cautious.. :)
    Again, I've never seen replies as fast as this in any other forum. Thanks to Sysnative & a special thanks to you. You guys make our lives easier.. Heartfelt thank you :)

    Oops.. so they are not the same? I hadn't noticed it.

    Here is the log for Junkware Removal Tool.. (AdwCleaner found nothing.. )
    ( I ran Junkware Removal Tool for the second time too, but it found nothing on the second scan..
    But when I ran it for the third time, it found these files.
    I really don't know what is going on with my system )

    But, thanks again :) a ton :)


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 7 Professional x64
    Ran by Rebecca (Administrator) on Sat 10/29/2016 at 8:11:13.44
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    File System: 16

    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0708TI51 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JBZWGXL (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SMS09XT (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5GBMOBQQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6N0TIPYG (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXE792J3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNA2UFN3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQA3B6R4 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0708TI51 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JBZWGXL (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SMS09XT (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5GBMOBQQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6N0TIPYG (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXE792J3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNA2UFN3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQA3B6R4 (Temporary Internet Files Folder)

    Registry: 0

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 10/29/2016 at 8:24:58.93
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 7 Professional x64
    Ran by Rebecca (Administrator) on Sun 10/30/2016 at 6:38:31.65
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    File System: 12

    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JBZWGXL (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16WN6622 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ORO3OC8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXE792J3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNA2UFN3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WD1SKXTJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JBZWGXL (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\16WN6622 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ORO3OC8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXE792J3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNA2UFN3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WD1SKXTJ (Temporary Internet Files Folder)

    Registry: 0

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 10/30/2016 at 6:57:17.60
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  12. #12

    Re: Need help with detection of malware!

    I'm so so so sorry for the double post..
    I wanted to edit the old post & add this, but couldn't do so.. sorry again

    Out of curiosity, I tried running JRT again, & the scan result again came up with something..
    Am I in trouble?
    Why do JRT & AdwCleaner keep detecting something or the other in every scan??? Please help

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 7 Professional x64
    Ran by Rebecca (Administrator) on Sun 10/30/2016 at 7:19:27.98
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    File System: 2

    Successfully deleted: C:\Users\Rebecca\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNA2UFN3 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNA2UFN3 (Temporary Internet Files Folder)

    Registry: 0

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 10/30/2016 at 7:37:47.23
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  13. #13
    xilolee (Join Date: Dec 2013; Location: World, Europe, Italy; Posts: 1,583)

    Re: Need help with detection of malware!

    Hi Rebeccavalentine. :)

    You can see those are empty (?) temporary internet files folders.
    Nothing to be concerned of.


  14. #14
    Corrine (Join Date: Feb 2012; Location: Upstate, NY; Posts: 8,107)

    Re: Need help with detection of malware!

    Hi, Rebecca.

    xilolee is correct. All JRT found was temporary internet files. A simple explanation of temporary internet files is available here: What is Temporary Internet Files? - Definition from Techopedia.

    Since Google Chrome is your primary browser, instructions for clearing cache and cookies are available in this help document: Clear cache and cookies - Accounts Help.

    Did you scan with AdwCleaner again, using the Clean option?



  15. #15

    Re: Need help with detection of malware!

    Quote Originally Posted by xilolee View Post
    Hi Rebeccavalentine. :)

    You can see those are empty (?) temporary internet files folders.
    Nothing to be concerned of.

    God, this feels so embarrassing..
    Sorry, I did not notice this at all..
    & thank you :)

  16. #16

    Re: Need help with detection of malware!

    Quote Originally Posted by Corrine View Post
    Hi, Rebecca.

    xilolee is correct. All JRT found was temporary internet files. A simple explanation of temporary internet files is available here: What is Temporary Internet Files? - Definition from Techopedia.

    Since Google Chrome is your primary browser, instructions for clearing cache and cookies are available in this help document: Clear cache and cookies - Accounts Help.

    Did you scan with AdwCleaner again, using the Clean option?

    Sorry..
    I really did not notice this at all..
    Such a dumbo I am.
    & yes, I did a scan.. results were positive.. :)
    & thanks again.. thanks a lot.. :)

  17. #17
    Corrine (Join Date: Feb 2012; Location: Upstate, NY; Posts: 8,107)

    Re: Need help with detection of malware!

    No, no, Rebecca, not a "dumbo", rather an inquiring mind!

    You asked earlier:
    Why is it necessary to remove the tools?? Cant I keep them just to perform some scans every once in a week??
    It is the "normal" part of our process to remove the tools/logs used for a couple of reasons. First, some tools should only be used with the guidance of someone trained in their use. Second, many people don't want additional programs cluttering their desktop.

    If you wish to keep the stand-alone programs AdwCleaner and JRT (Junkware Removal Tool), that is fine. However, please be sure to update them before running. However, please do not attempt to do anything with FRST on your own. I would rather you remove it and any logs stored in the C:\Users\Rebecca\Downloads\Programs & setup files folder.

    Although Google Chrome is your primary browser, there are times you may use Internet Explorer, which is severely out of date. I strongly advise that you update to IE11: Internet Explorer downloads - Windows Help. Select the version for your 64-bit operating system. Expect to see a number of IE updates along the line as well.

    Hopefully, you also saw my earlier reminder to update Google Chrome. Even if you updated then, Adobe Flash Player received a critical "out-of-band" update last week so I suggest you check Chrome again for updates.

    Please let me know if you have any questions.



  18. #18

    Re: Need help with detection of malware!

    Sorry for the double post.. *edited*

  19. #19

    Re: Need help with detection of malware!

    @corrine Thank you so much again.. And, so sorry for responding so late. I had forgotten about my own question & did not think you'd reply... "Inquiring mind" is much better than being termed a dumbo.. Sweet of you :) Now I get it.. Yeah, I have decided to keep AdwCleaner & JRT, while deleting FRST & its logs.. :) I thought I had uninstalled IE completely! :O & yes, I have updated Google Chrome as you have said.. Thanks again for all your replies & response.. thank you so much for your time.. :)

  20. #20
    Corrine (Join Date: Feb 2012; Location: Upstate, NY; Posts: 8,107)

    Re: Need help with detection of malware!

    You are most welcome!


